Switch the meterpreter to SSLv3 and try to generate a slightly more realistic CN for the certificate. The goal is to work through a wider range of inline proxies.

git-svn-id: file:///home/svn/framework3/trunk@7311 4d416f70-5f16-0410-b530-b9f4589650da

external/source/meterpreter/source/server/server_setup.c

@@ -144,7 +144,7 @@ static DWORD negotiate_ssl(Remote *remote)
 	SSL_load_error_strings();
 	SSL_library_init();
 
-	remote->meth = TLSv1_client_method();
+	remote->meth = SSLv3_client_method();
 
 	remote->ctx  = SSL_CTX_new(remote->meth);
 	SSL_CTX_set_mode(remote->ctx, SSL_MODE_AUTO_RETRY);

lib/rex/post/meterpreter/client.rb

@@ -131,20 +131,20 @@ class Client
 		cert = OpenSSL::X509::Certificate.new
 		cert.version = 2
 		cert.serial  = rand(0xFFFFFFFF)
-		# name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
+
 		subject = OpenSSL::X509::Name.new([
 				["C","US"],
 				['ST', Rex::Text.rand_state()],
 				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["CN", Rex::Text.rand_hostname],
+				["CN", self.sock.getsockname[1] || Rex::Text.rand_hostname],
 			])
 		issuer = OpenSSL::X509::Name.new([
 				["C","US"],
 				['ST', Rex::Text.rand_state()],
 				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["CN", Rex::Text.rand_hostname],
+				["CN", Rex::Text.rand_text_alpha(rand(20) + 10)],
 			])
 
 		cert.subject = subject
@@ -163,11 +163,11 @@ class Client
 		cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
 		cert.sign(key, OpenSSL::Digest::SHA1.new)
 
-		ctx = OpenSSL::SSL::SSLContext.new(:TLSv1)
+		ctx = OpenSSL::SSL::SSLContext.new(:SSLv3)
 		ctx.key = key
 		ctx.cert = cert
 
-		ctx.session_id_context = OpenSSL::Digest::MD5.hexdigest(::Rex::Text.rand_text(64))
+		ctx.session_id_context = Rex::Text.rand_text(16)
 
 		return ctx
 	end
@@ -318,3 +318,4 @@ protected
 end
 
 end; end; end
+